From: domg472@gmail.com (Dominick Grift) Date: Wed, 6 Oct 2010 15:21:31 +0200 Subject: [refpolicy] [ patch 1/1] [RETRY] consoletype: needs to use system dbus file descriptors. Message-ID: <20101006132125.GA2160@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: Dominick Grift --- :100644 100644 e41f830... 5b0021f... M policy/modules/admin/consoletype.te :100644 100644 39e901a... 0d5711c... M policy/modules/services/dbus.if policy/modules/admin/consoletype.te | 4 ++++ policy/modules/services/dbus.if | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-) diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te index e41f830..5b0021f 100644 --- a/policy/modules/admin/consoletype.te +++ b/policy/modules/admin/consoletype.te @@ -75,6 +75,10 @@ optional_policy(` ') optional_policy(` + dbus_use_system_bus_fds(consoletype_t) +') + +optional_policy(` files_read_etc_files(consoletype_t) firstboot_use_fds(consoletype_t) firstboot_rw_pipes(consoletype_t) diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if index 39e901a..0d5711c 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -445,6 +445,24 @@ interface(`dbus_system_domain',` ######################################## ## +## Use and inherit system DBUS file descriptors. +## +## +## +## Domain allowed access. +## +## +# +interface(`dbus_use_system_bus_fds',` + gen_require(` + type system_dbusd_t; + ') + + allow $1 system_dbusd_t:fd use; +') + +######################################## +## ## Dontaudit Read, and write system dbus TCP sockets. ## ## -- 1.7.2.3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20101006/6236ac02/attachment.bin